There’s a reason why Apple’s computers and iPhone are pretty much invulnerable to outside attacks–Apple controls everything from the operating system to the hardware. It’s hard to find a vulnerability when you don’t know the "secret blend of herbs and spices."
Contrast that to Google’s approach to Android. Google’s mobile platform is made up of more than 80 different open-source components, and the hardware is manufactured by third-party providers.
Perhaps it’s no surprise that Android has already suffered its first security breach. What is surprising is that it occurred because Google simply didn’t keep track of the latest versions of the components it uses in Android.
The flaw lies within one of the open-source components used by the Android platform, say the researchers.
"The vulnerability is due to the fact Google did not use the most up-to-date versions of all these packages," the trio said.
"In other words, this particular security vulnerability that affects the G1 phone was known and fixed in the relevant software package, but Google used an older, still vulnerable version."
Fortunately, the hackers are not making the flaw public until Google has a chance to fix it, but the next hacker might not be so benevolent.
If Google wants to be a serious player in the mobile space, it has to earn our trust. Sure, the Google brand will go a long way to bring instant credibility, but that could be quickly eroded if the above becomes anything more than an isolated incident. Worse, too many flaws in Android and the tarnished reputation could spread to Google’s main brand.